<?php
include('../config.php');
	if (!isset($_FILES['image']['tmp_name'])) {
		echo "";
	}else{
		$file=$_FILES['image']['tmp_name'];
		$image= addslashes(file_get_contents($_FILES['image']['tmp_name']));
		$image_name= addslashes($_FILES['image']['name']);
		$image_size= getimagesize($_FILES['image']['tmp_name']);
		if ($image_size==FALSE) {
			echo "That's not an image!";
		}else{
			$filename = preg_replace('/\s\s+/','', trim($_FILES["image"]["name"]));
			move_uploaded_file($_FILES["image"]["tmp_name"],"../images/products/" .$filename);
			$location="images/products/".$filename.";";
			$roomid=$_POST['roomid'];
			$query = mysql_query("SELECT * FROM product WHERE pID='".$roomid."'");
			if ($rows = mysql_fetch_array($query)) {
				$location.=$rows['pPicture'];
				$update=mysql_query("UPDATE product SET pPicture = '$location' WHERE pID='".$roomid."'") or die(mysql_error());
				header("location: products.php");
			}
			else{
				header("location: products.php");
			}
		}
	}
exit();
mysql_close();
?>